VerdantBamboo Targets Linux Systems with Customized Malware Arsenal

Meet VerdantBamboo, a stealthy threat actor that infiltrated Linux and BSD systems, hiding in plain sight for 18 months by cleverly evading detection and morphing its malware arsenal to blend in. Its sophisticated attacks went undetected until Volexity's incident response team uncovered the intrusion, revealing a complex trail that led…

https://osintsights.com/verdantbamboo-targets-linux-systems-with-customized-malware-arsenal?utm_source=mastodon&utm_medium=social

#Verdantbamboo #Linux #CustomizedMalware #Microsoft365 #Egnyte

VerdantBamboo Targets Linux Systems with Customized Malware Arsenal

Learn how VerdantBamboo targets Linux systems with customized malware, track their moves & protect your network - discover the latest threat intel now.

OSINTSights

VerdantBamboo (UNC5221): the Chinese APT group that stays invisible for 18 months with three previously unseen backdoors

Volexity reconstructs an 18-month intrusion by the Chinese APT group VerdantBamboo/UNC5221. Three previously unseen backdoors (BRICKSTORM, PLENET and AGENTPSD) were deployed on appliances without EDR to bypass Microsoft 365 Conditional Access Policies. The group returned a few days after remediation.

https://insicurezzadigitale.com/verdantbamboo-unc5221-il-gruppo-apt-cinese-che-resta-invisibile-per-18-mesi-con-tre-backdoor-inedite/

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD.

BleepingComputer

VerdantBamboo: Just Another BRICKSTORM in the Firewall

In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine was an Egnyte Storage Sync system, which is designed to facilitate syncing local on-premise files with the cloud. Volexity discovered that instead of connecting to a domain affiliated with Egnyte, the appliance was connecting to a threat-actor-controlled domain behind Cloudflare IP addresses.

Volexity

Chinese APT Exploits New Malware to Prolong Network Access

A Chinese-linked espionage group, tracked as UNC5221 or VerdantBamboo, exploited new malware to secretly maintain access to US networks for over 18 months, evading detection by blending in with legitimate traffic. The attackers used a sophisticated backdoor called Brickstorm to prolong their stay undetected.

https://osintsights.com/chinese-apt-exploits-new-malware-to-prolong-network-access?utm_source=mastodon&utm_medium=social

#ChineseApt #MalwareOperations #NationState #Unc5221 #Verdantbamboo

Chinese APT Exploits New Malware to Prolong Network Access

Learn how Chinese APT group UNC5221 uses new malware to prolong network access and evade detection, and take steps to protect your organization now.

OSINTSights